The Virtual Bookcase Reviews of 'Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses':

Reviewer amazon.com wrote:

In defending your systems against intruders and other meddlers, a little knowledge can be used to make the bad guys--particularly the more casual among them--seek out softer targets. Counter Hack aims to provide its readers with enough knowledge to toughen their Unix and Microsoft Windows systems against attacks in general, and with specific knowledge of the more common sorts of attacks that can be carried out by relatively unskilled "script kiddies." The approach author Ed Skoudis has chosen is effective, in that his readers accumulate the knowledge they need and generally enjoy the process. The best part of this book may be two chapters, one each for Windows and Unix, that explain the essential security terms, conventions, procedures, and behaviors of each operating system. This is the sort of information that readers need--a Unix person getting into Windows administration for the first time needs an introduction to the Microsoft security scheme, and vice versa. A third chapter explains TCP/IP with focus on security. With that groundwork in place, Skoudis explains how (with emphasis on tools) attackers look for vulnerabilities in systems, gain access, and maintain their access for periods of time without being discovered. You'll probably want to search online resources for more specific information--Skoudis refers to several--but this book by itself will provide you with the vocabulary and foundation knowledge you need to get the details you want. --David Wall

Topics covered: How black-hat hackers work, what tools and techniques they use, and how to assess and improve your systems' defenses. The author explains how Windows, Unix, and TCP/IP can be exploited for nefarious purposes, and details a modus operandi that's typical of the bad guys.

Reviewer Rob Slade wrote:
Chapter one, as in many texts, is an introduction to the book, but is
unusually important in this case. First, Skoudis lays out the
philosophy behind the work. While the text of the book does
concentrate on attacks, the author points out that invaders already
have other sources of information. Further, Skoudis proposes that a
detailed, complete, and integrated examination of representative
samples of classes of attacks will provide an outline of defensive
measures that can protect against a wide variety of assaults.
A second point in this introduction is a brief examination of the
character of attackers. Skoudis does point out that those who attempt
to penetrate computer and communications security do so from a
diversity of motivations and skill levels. However, he does tend to
overstress the participation of "professional hackers," proposing that
industrial espionage, terrorism, and organized computer crime
activities are common. Certainly such campaigns may become common,
making the need for pre-planning even more important, but the vast
majority of endeavors we are seeing at present are amateur efforts.
Finally, the introduction recommends the establishment of a computer
security test laboratory, which is an excellent idea for any large
corporation, but probably is not within the financial, personnel, or
educational reach of even medium sized businesses.
Chapter two provides a background in TCP/IP for the purposes of
discussing networking offence and defence. There are frequent forward
references to later sections of the book that deal with network
attacks. The material could, however, have been condensed somewhat to
emphasize those aspects of the protocols that are closely related to
security. UNIX and Windows (NT and 2000) are similarly covered in
chapters three and four, and, again, the text could be tightened up by
focusing on safety factors.
Chapter five points out the ways in which people can obtain data in
order to direct and mount an attack. While the content is
informative, and there are a few suggestions for restricting the
release of such intelligence, the defensive value of the text is
limited. The information gathering process continues in chapter six
with war dialling and port scanning. Defences against application and
operating system attacks are covered a bit better than in most
"hacking" books (there are descriptions of buffer overflow detection
tools), but the protective value of chapter seven is still
questionable. Chapter eight examines network sniffing, scanning,
spoofing, and hijacking. Denial of service is covered well in chapter
nine. Various examples of malware are described in chapter ten.
Chapter eleven deals with the means used to hide an attack.
A number of scenarios are created in chapter twelve. Chapter thirteen
describes some resources for keeping up with the latest computer
vulnerabilities.
Recently there has been a flood of books to the security marketplace,
all based on the premise that if you know how to attack a system, you
will know how to defend it. Skoudis has done a better job than most,
but the thesis is still unproven. Yes, knowledge of the details of an
attack does help you fine tune your defence. Yes, providing specifics
of an example of a class of attacks does help you consider a
protective mechanism that might work against a whole class. Yes,
Skoudis does recommend safeguards for most of the attacks listed. But
taking a crowbar to a padlock still doesn't teach you locksmith
skills.
copyright Robert M. Slade, 2001